This invention relates to cryptographic communication security techniques and, more particularly, to an operational key verification arrangement for verifying at a first station that a second station is the source of cryptographic data communicated to the first station only if the operational keys of both stations are identical.
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer-based information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecure communication lines. Because of the insecurity of communication lines, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
A data communication network may include a complex of communication terminals connected via communication lines to a single host system and its associated resources such as the host programs and locally attached terminals and data files. Within the data communication network, the domain of the host system is considered to be the set of resources known to and managed by the host system. As the size of data communication networks increases, other host systems may be brought into the network to provide multiple domain networks with each host system having knowledge of and managing its associated resources which make up a portion or domain of the network. By providing the proper cross domain data link between the domains of the network, two or more domains may be interconnected to provide a networking facility. Accordingly, as the size of the network increases and the number of communication lines interconnecting the domains of the network increases, there is an increasing need to provide communication security for data transmitted over such communication lines connecting the domains of a multiple domain communication network. Various data communication networks have been developed in the prior art using cryptographic techniques for improving the security of data communication within the network. In such networks, a cryptographic facility is provided at the host system and at various ones of the remote terminals. In order for the host system and a remote terminal to perform a cryptographic communication, both must use the same cryptographic algorithm and a common operational key so that the data enciphered by the sending station can be deciphered at the receiving station. In prior art cryptographic communication arrangements, the operational key to be used at the sending station is communicated by mail, telephone or courier to the receiving station so that a common operational key is installed at both stations to permit the cryptographic communications to be performed.
Other prior art arrangements developed techniques which permitted the communication line connecting the two stations to be used for communicating the operational key from one station to the other station by enciphering the operational key in a form which is recoverable at the receiving station as exemplified by the Consumer Transaction Facility described in U.S. Pat. No. 3,956,615 issued May 11, 1976.
With such an arrangement, an opponent who attempts to intercept data communications over the communication line to recover the communicated operational key in order to be able to decipher subsequent cryptographic data communications over the communication line will be blocked inasmuch as he does not have available to him the cipher key under which the operational key is enciphered. One way in which he may be able to make use of the intercepted enciphered operational key and cryptographic data communications is to make an attack at the station for which the message was intended and gain access to that station so that he may play a recording of the enciphered operational key into the cryptographic apparatus of that station which will then decipher the enciphered operational key after which he may then play a recording of the cryptographic data communication into the cryptographic apparatus of that station and obtain the data communication in clear form.
Accordingly, it is an object of the invention to maintain communication security of data transmissions between stations connected by a communication line.
Another object of the invention is to verify at a cryptographic station the source of communicated cryptographic data.
A further object of the invention is to maintain communication security of data transmissions between a first cryptographic station and a second cryptographic station by verifying that both stations are using a common operational key.
Still another object of the invention is to send a challenge from a first cryptographic station in accordance with its operational key to a second cryptographic station requiring the second station to return a cryptographic message in accordance with its operational key in such a form that the first station can verify that the second station is the source of the cryptographic message only if the operational keys of both stations are identical.
In a data communication network providing data communications between a first cryptographic station provided with a first operational key and a second cryptographic station provided with a second operational key, an operational key verification arrangement is provided in accordance with the invention in which the first station provides a first verification number and then performs a first operation in accordance with the first verification number and the first operational key to provide first station ciphertext for transmission to the second station. At the second station, an operation is performed in accordance with the first station ciphertext and the second operational key to provide second station ciphertext for transmission back to the first station. A second operation is then performed at the first station in accordance with the first verification number and the received second station ciphertext to verify that the second station is the source of the second station ciphertext only if the operational keys of the two stations are identical.
In the verification arrangement of the present invention, the first station ciphers the first verification number under control of the first operational key to provide first station ciphertext for transmission to the second station. The second station ciphers the first station ciphertext under control of the second operational key to obtain a second verification number which is equal to the first verification number if the operational keys of the two stations are identical. The second verification number is then modified in accordance with a first function to obtain a modified second verification number which is then ciphered under control of the second operational key to provide second station ciphertext for transmission back to the first station.
Various embodiments of verification at the first station are provided by the present invention. In one embodiment, the second station ciphertext received at the first station is ciphered under control of the first operational key to obtain a first resulting number which is equal to the modified second verification number if the operational keys of the two stations are identical. The first resulting number is then modified by a second function which is the inverse of the first function to obtain a second resulting number which is equal to the first verification number if the operational keys of the two stations are identical. The first verification number is compared with the second resulting number for equality to verify that the second station is the source of the cryptographic data communication only if the operational keys of the two stations are identical.
In another embodiment of the verification at the first station, the second station ciphertext received at the first station is ciphered under control of the first operational key to obtain a first resulting number which is equal to the modified second verification number, previously produced by the second station, if the operational keys of the two stations are identical. The first station then modifies the first verification number by a second function which is identical to the first function, previously performed at the second station, to obtain a modified first verification number which is equal to the modified second verification number, previously produced by the second station, if the operational keys of the two stations are identical. The modified first verification number is then compared with the first resulting number for equality to verify that the second station is the source of the cryptographic data communication only if the operational keys of the two stations are identical.
In another embodiment of the verification at the first station, the second station ciphertext, which represents the modified second verification number ciphered under the second operational key, is received and stored at the first station. The first station then modifies the first verification number by a second function which is identical to the first function, previously performed at the second station, to obtain a modified first verification number which is equal to the modified second verification number previously produced by the second station if the operational keys of the two stations are identical. The modified first verification number is then ciphered under the first operational key to obtain additional first station ciphertext which is then compared with the received second station ciphertext for equality to verify that the second station is the source of the second station ciphertext only if the operational keys of the two stations are identical.
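The exchange and the three first-station verification embodiments described above can be traced in the following Python sketch, which is an added illustration and not part of the patent text. It assumes that the first station enciphers the verification number and the second station deciphers it before re-enciphering, that the first function is "add 1 modulo 2**64", and it uses a small SHA-256-based Feistel cipher as a stand-in for DES; all function names and keys are constructed for the example.

```python
import hashlib, hmac, secrets

MASK = 2**64 - 1  # verification numbers are one 64-bit block, the DES block width

def _feistel(key, block, rounds):
    # Stand-in 8-round Feistel cipher built on SHA-256 (assumption: NOT DES).
    l, r = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:4]
        l, r = r, bytes(a ^ b for a, b in zip(l, f))
    return r + l  # final swap lets decipherment reuse the same loop

def encipher(key, block): return _feistel(key, block, range(8))
def decipher(key, block): return _feistel(key, block, range(7, -1, -1))

def modify(n):    # "first function" (assumed here: add 1 mod 2**64)
    return ((int.from_bytes(n, "big") + 1) & MASK).to_bytes(8, "big")
def unmodify(n):  # its inverse, used by the first embodiment
    return ((int.from_bytes(n, "big") - 1) & MASK).to_bytes(8, "big")

def first_station_challenge(k1):
    n = secrets.token_bytes(8)        # first verification number
    return n, encipher(k1, n)         # first station ciphertext

def second_station_reply(k2, ct1):
    n2 = decipher(k2, ct1)            # second verification number
    return encipher(k2, modify(n2))   # second station ciphertext

def verify_inverse(k1, n, ct2):        # embodiment 1: decipher, invert, compare
    return hmac.compare_digest(unmodify(decipher(k1, ct2)), n)
def verify_same_function(k1, n, ct2):  # embodiment 2: decipher, compare to f(N)
    return hmac.compare_digest(decipher(k1, ct2), modify(n))
def verify_ciphertext(k1, n, ct2):     # embodiment 3: compare ciphertexts
    return hmac.compare_digest(encipher(k1, modify(n)), ct2)

def run_exchange(k1, k2):
    n, ct1 = first_station_challenge(k1)
    ct2 = second_station_reply(k2, ct1)
    return (verify_inverse(k1, n, ct2), verify_same_function(k1, n, ct2),
            verify_ciphertext(k1, n, ct2))

if __name__ == "__main__":
    ka, kb = b"constructed-key-A", b"constructed-key-B"  # constructed sample keys
    print("same keys:     ", run_exchange(ka, ka))
    print("different keys:", run_exchange(ka, kb))
```

Because the first verification number is drawn fresh for each exchange, a second station ciphertext recorded from an earlier exchange does not verify against a later number.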
The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings.